From: Lupe Christoph (lupe_at_lupe-christoph.de)
Date: Wed Sep 11 2002 - 11:54:43 CDT


    On Wednesday, 2002-09-11 at 09:16:22 -0700, Gregory Neil Shapiro wrote:
    > lupe> error: safesasl(/usr/local/etc/sasldb.db) failed: Group readable file
    > lupe> Chmodding to 600 gives:
    > lupe> error: safesasl(/usr/local/etc/sasldb.db) failed: Permission denied
    > lupe> Sigh.

    > It shouldn't, assuming it is owned by root (which it should be).

    It's not:
    -rw-r----- 1 cyrus mail 16384 Sep 11 17:32 /usr/local/etc/sasldb.db

    > Instead of the chmod, you can also use this in your .mc file:

    > define(`confDONT_BLAME_SENDMAIL', `GroupReadableSASLDBFile')dnl

    ... and sendmail will fall on its face because of the ownership,
    I'd guess.

    > lupe> But when I edit /etc/mail/sendmail.cf:
    > lupe> -#O AuthMechanisms=GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5
    > lupe> +O AuthMechanisms=PLAIN GSSAPI KERBEROS_V4 DIGEST-MD5 CRAM-MD5

    > Don't hand edit a .cf file, use the .mc file. For example:

    For small tweaks, I do. For bigger things (and in the end, ASMTP would
    probably fall in this category), I don't.

    > define(`confAUTH_MECHANISMS', `EXTERNAL DIGEST-MD5 CRAM-MD5')dnl

    > lupe> I would *very much* appreciate if anybody who is in a situation that
    > lupe> allows to test this would do so.

    > You can visit http://test.smtp.org/ if you need a machine to test against.

    Sorry, it's not lack of a host to speak ASMTP with, at least for the
    client side, I can do this with my ISP's mail relay. It's because all the
    FreeBSD boxen I have are Firewalls and I don't want to experiment too
    much on them (my own firewall is OK for local tests). I was hoping
    somebody had a desktop box or so to play with.

    Lupe Christoph

    -- 
    | lupelupe-christoph.de       |           http://www.lupe-christoph.de/ |
    | Big Misunderstandings #6398: The Titanic was not supposed to be        |
    | unsinkable. The designer had a speech impediment. He said: "I have     |
    | thith great unthinkable conthept ..."                                  |
    
